Details
- Bug
- Status: Open
- Critical
- Resolution: Unresolved
- 1.9.0
Description
When the Content Repository in Fineract - which stores the pictures of clients, workbook imports, etc - is used in conjunction with AWS S3 integration, it actually suffers from 2 huge problems:
- The AWS access and secret keys should be passed as environment variables explicitly to the applications. This results in a huge security problem of exposing the AWS credentials directly.
- The S3 integration for the Content Repository is NOT using the default AWS credential chain, therefore you cannot use EC2 Instance Profiles, you cannot use Service Accounts on K8S to grant access to the S3 bucket which stores the contents. The only way to configure it is through the access key and secret key environment variables.
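
One way to resolve credentials so that instance profiles and Kubernetes service accounts work, shown as an added example that is not Fineract's own code. It assumes the AWS SDK for Java v2; the class name and the two setting names are hypothetical.

```java
// Added example, not Fineract code. Assumes AWS SDK for Java v2 (s3 module) on the classpath.
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;

public final class ContentRepositoryS3ClientFactory {

    // Hypothetical setting names, used only for this example.
    static final String ACCESS_KEY_VAR = "EXAMPLE_S3_ACCESS_KEY";
    static final String SECRET_KEY_VAR = "EXAMPLE_S3_SECRET_KEY";

    /** Static keys only when both are explicitly set; otherwise the default chain. */
    static AwsCredentialsProvider credentialsProvider(String accessKey, String secretKey) {
        boolean hasAccess = accessKey != null && !accessKey.isBlank();
        boolean hasSecret = secretKey != null && !secretKey.isBlank();
        if (hasAccess != hasSecret) {
            // Half-configured keys are a deployment mistake; fail instead of guessing.
            throw new IllegalStateException("Set both access key and secret key, or neither");
        }
        if (hasAccess) {
            // Legacy path: long-lived keys handed to the process.
            return StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));
        }
        // Default chain: covers EC2 instance profiles, container credentials and
        // web identity tokens (Kubernetes service accounts; needs the sts module).
        return DefaultCredentialsProvider.builder().build();
    }

    static S3Client s3Client(Region region) {
        return S3Client.builder()
                .region(region)
                .credentialsProvider(credentialsProvider(
                        System.getenv(ACCESS_KEY_VAR), System.getenv(SECRET_KEY_VAR)))
                .build();
    }

    // Usage: java ContentRepositoryS3ClientFactory <region> <bucket>
    public static void main(String[] args) {
        try (S3Client s3 = s3Client(Region.of(args[0]))) {
            s3.headBucket(b -> b.bucket(args[1])); // throws if the resolved identity has no access
            System.out.println("Bucket reachable with the resolved credentials");
        }
    }
}
```

With neither variable set, the process holds no long-lived secret and access to the bucket is granted through the role attached to the instance or service account.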